PrivateBin CLI on python 3
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

88 lines
2.5 KiB

import os
from base64 import b64decode, b64encode
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
_BACKEND = default_backend()
def decrypt(pwd, json):
iv = b64decode(json['iv'])
ct = b64decode(json['ct'])
salt = b64decode(json['salt'])
ts = json['ts'] / 8
tag_start = len(ct) - ts
tag = ct[tag_start:]
ciphertext = ct[:tag_start]
mode_class = getattr(modes, json['mode'].upper())
algo_class = getattr(algorithms, json['cipher'].upper())
kdf = _kdf(json['ks'], iters=json['iter'], salt=salt)[0]
key = kdf.derive(pwd)
cipher = Cipher(algo_class(key),
mode_class(iv, tag, min_tag_length=ts),
backend=_BACKEND)
dec = cipher.decryptor()
result = dec.update(ciphertext) + dec.finalize()
return result
def encrypt(pwd, plaintext, salt_in=None, mode='gcm', algorithm='aes',
keysize=256, tagsize=128, iters=10000):
ts = tagsize / 8
mode_class = getattr(modes, mode.upper())
algo_class = getattr(algorithms, algorithm.upper())
iv = os.urandom(16)
kdf, salt = _kdf(keysize, iters, salt_in)
key = kdf.derive(pwd)
cipher = Cipher(algo_class(key),
mode_class(iv, min_tag_length=ts),
backend=_BACKEND)
enc = cipher.encryptor()
ciphertext = enc.update(plaintext) + enc.finalize()
json = {
"v": 1,
"iv": b64encode(iv),
"salt": b64encode(salt),
"ct": b64encode(ciphertext + enc.tag[:ts]),
"iter": iters,
"ks": keysize,
"ts": tagsize,
"mode": mode,
"cipher": algorithm,
"adata": ""
}
return json
def _kdf(keysize=256, iters=10000, salt=None, **kwargs):
kdf_salt = salt or os.urandom(8)
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(),
length=keysize / 8,
salt=kdf_salt,
iterations=iters,
backend=_BACKEND)
return kdf, kdf_salt
if __name__ == "__main__":
import json
blob = '{"iv":"/6dKRRAOZ60oyumLMQsBtg==","v":1,"iter":256000,"ks":128,"ts":64,"mode":"gcm","adata":"","cipher":"aes","salt":"s8+LFcBmbcc=","ct":"wTapp5CWmD6SFA=="}'
data = json.loads(blob)
result = decrypt('pwd', data)
assert result == "hi"
print(decrypt('pwd', encrypt('pwd', result, tagsize=64)))